EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Salesforce Hack: ShinyHunters Claims Theft of 1.5 Billion Records
    • Home
    • Cybercrime
    • Salesforce Hack: ShinyHunters Claims Theft of 1.5 Billion Records

    Salesforce Hack: ShinyHunters Claims Theft of 1.5 Billion Records

    Written by
    The Editorial Team
    09.22.25
    Cybercrime
    02
    MIN
    Salesforce Hack: ShinyHunters Claims Theft of 1.5 Billion Records
    Salesforce Hack: ShinyHunters Claims Theft of 1.5 Billion Records
    Salesforce Hack: ShinyHunters Claims Theft of 1.5 Billion Records
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image GitHub confirms it was hacked by TeamPCP
    Cybercrime
    05.21.26 Cybercrime
    Next article
    GitHub confirms it was hacked by TeamPCP
    Read
    01
    MIN
    Image A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Cybercrime
    05.21.26 Cybercrime
    Next article
    A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Read
    01
    MIN
    Image Massive data breach hits Asian football two months before the World Cup
    Cybercrime
    04.29.26 Cybercrime
    Next article
    Massive data breach hits Asian football two months before the World Cup
    Read
    01
    MIN
    This massive breach has impacted dozens of organizations, including Google, Cloudflare, and several major cybersecurity companies.

    A spokesperson for the cybercriminal group ShinyHunters detailed to Bleeping Computer on September 17, 2025, the massive hack of Salesforce, the customer relationship management (CRM) platform. Initiated in early 2025, the cyberattack exploited compromised OAuth tokens used by Salesloft Drift, an AI-powered chatbot integrated into the CRM.

    This entry point allowed attackers to steal large volumes of data from Salesforce client companies between August 8 and August 18, 2025. Among the victims are Google, Cloudflare, and cybersecurity companies CyberArk, Proofpoint, and Palo Alto Networks, as well as Zscaler, Tenable, Elastic, JFrog, Nutanix, Qualys, Rubrik, and Cato Networks.

    The cybercriminal consortium Scattered Lapsus$ Hunters — which brings together the English-speaking groups ShinyHunters, Scattered Spider, and Lapsus$ — has claimed responsibility for the breach. According to the ShinyHunters spokesperson, the operation led to the theft of 1.5 billion Salesforce records.

    Google Threat Intelligence (GTI) attributed the attack to two groups it labeled UNC6040 and UNC6395. The FBI had issued an alert regarding these groups in early September 2025.

    On September 18, 2025, fourteen cybercriminal groups — including Scattered Spider and Lapsus$ — announced they were suspending communications on Telegram, suggesting a pause in their activities. On the same day, British police revealed the arrest of two teenagers suspected of being members of Scattered Spider.

    The Editorial Team
    09.22.25
    Articles by the same author:
    1
    05.27.26 Cyber stability
    The ECB summons European banks to discuss AI-related risks
    Read
    01
    MIN
    2
    05.25.26 Cybercrime
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    3
    05.25.26 Cybercrime
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    4
    05.25.26 Digital transformation
    Canada: government ready to amend its law on law enforcement access to data
    Read
    01
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image GitHub confirms it was hacked by TeamPCP
    Cybercrime
    05.21.26 Cybercrime
    Next article
    GitHub confirms it was hacked by TeamPCP
    Read
    01
    MIN
    Image A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Cybercrime
    05.21.26 Cybercrime
    Next article
    A 0-day attack against Huawei routers may have caused Luxembourg’s telecom outage in 2025
    Read
    01
    MIN
    Image Massive data breach hits Asian football two months before the World Cup
    Cybercrime
    04.29.26 Cybercrime
    Next article
    Massive data breach hits Asian football two months before the World Cup
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.